tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

allow ueventd sysfs_type lnk_file

Browse source 
ueventd is allowed to change files and directories in /sys,
but not symbolic links. This is, at a minimum, causing the
following denial:

type=1400 audit(0.0:5): avc: denied { getattr } for comm="ueventd" path="/sys/devices/tegradc.0/driver" dev=sysfs ino=3386 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_devices_tegradc:s0 tclass=lnk_file

Allow ueventd to modify labeling / attributes of symlinks.

Change-Id: If641a218e07ef479d1283f3171b2743f3956386d
This commit is contained in:
Nick Kralevich 2014-07-09 23:07:10 -07:00
parent b59dc27a1b
commit 1d2ff86963
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
ueventd.te
View file

@ -10,7 +10,7 @@ allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio da
allow ueventd device:file create_file_perms;
allow ueventd device:chr_file rw_file_perms;
allow ueventd sysfs:file rw_file_perms;
allow ueventd sysfs_type:file { relabelfrom relabelto setattr getattr };
allow ueventd sysfs_type:{ file lnk_file } { relabelfrom relabelto setattr getattr };
allow ueventd sysfs_type:dir { relabelfrom relabelto setattr r_dir_perms };
allow ueventd sysfs_devices_system_cpu:file rw_file_perms;
allow ueventd tmpfs:chr_file rw_file_perms;